Tyler Close wrote:
> Ben Laurie wrote:
> > It is unclear to me that this is a sustainable view: I can forge
> > (i.e. copy) the capabilities, even in a capability secure platform,
> > if I have access to the platform, surely? Furthermore, in a
> > distributed capability system, then capabilities are inherently
> > forgeable, aren't they, by virtue of the fact that I can transmit
> > them from A to B.
>
> The verb "forge" should be reserved for unauthorized copying.
> Authorized copying is just plain copying. Capabilities are (and must
> be) easily copied; however, they are impossible to forge. A credit
> card is easily copied and possible to forge.
>
> Both of the scenarios you describe are authorized copying and not
> forgery. When I voluntarily pass a capability to someone else, I am
> sharing that capability with them. The receiving party is authorized
> to copy that capability.
>
> > Clearly we try
> > to reduce that by using stuff like crypto between A and B,
>
> The crypto is there only to ensure that the intent of a given copy
> operation is precisely implemented and that it does not result in
> unintended copies. The crypto is not there to in any way restrict the
> copying abilities of either A or B.

You misunderstand me. I agree that if B makes copies of capabilities,
that is not forgery. My point was that someone who has stolen B's keys
is _also_ in a position to make copies, and it is that that I am
referring to as forgery.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff